RESOLVED FIXED 176719
WKBundlePageWillSendSubmitEventCallback is called with incorrect frame parameter 
https://bugs.webkit.org/show_bug.cgi?id=176719
Summary WKBundlePageWillSendSubmitEventCallback is called with incorrect frame parameter
Michael Catanzaro
Reported 2017-09-11 12:08:01 PDT
The definition for WKBundlePageWillSendSubmitEventCallback is this: typedef void (*WKBundlePageWillSendSubmitEventCallback)(WKBundlePageRef page, WKBundleNodeHandleRef htmlFormElementHandle, WKBundleFrameRef frame, WKBundleFrameRef sourceFrame, WKDictionaryRef values, const void* clientInfo); It's clearly intended to parallel WKBundlePageWillSubmitFormCallback, since almost all the parameters are the same. Now, in WKBundlePageWillSubmitFormCallback, the first WKBundleFrameRef, "frame", is the frame of the form target, and the second WKBundleFrameRef, sourceFrame, is the frame containing the form. That's correct. But in WKBundlePageWillSendSubmitEventCallback, both frame and sourceFrame are always identical. The problem is that the FrameLoaderClient delegate is called on the wrong FrameLoaderClient. It should be called on the FrameLoaderClient of the target frame, but HTMLFormElement calls it on the FrameLoaderClient of the source frame instead. The forthcoming patch fixes this and adds a test. Since the change is in WebCore, it *technically* doesn't require owner approval, but it would certainly be good for someone from Apple to review it please.
Attachments
Patch (11.17 KB, patch)
2017-09-11 12:30 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 (1.71 MB, application/zip)
2017-09-11 13:20 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews102 for mac-elcapitan (1.34 MB, application/zip)
2017-09-11 13:39 PDT, Build Bot 		no flags
Details
Patch (8.13 KB, patch)
2017-09-11 13:41 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
Patch (12.08 KB, patch)
2017-10-24 19:12 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews100 for mac-elcapitan (1.21 MB, application/zip)
2017-10-24 20:21 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews122 for ios-simulator-wk2 (10.40 MB, application/zip)
2017-10-24 20:39 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews116 for mac-elcapitan (2.10 MB, application/zip)
2017-10-24 21:04 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 (1.27 MB, application/zip)
2017-10-25 10:15 PDT, Build Bot 		no flags
Details
Patch (11.42 KB, patch)
2017-10-25 13:59 PDT, Michael Catanzaro 		cdumez: review+
DetailsFormatted DiffDiff
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (1.60 MB, application/zip)
2017-10-25 17:27 PDT, Build Bot 		no flags
Details
Show Obsolete (10) View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2017-09-11 12:30:50 PDT
Created attachment 320455 [details] Patch
Michael Catanzaro
Comment 2 2017-09-11 13:12:56 PDT
I think it broke fast/forms/input-image-submit.html... waiting for the EWS results.
Build Bot
Comment 3 2017-09-11 13:20:50 PDT
Comment on attachment 320455 [details] Patch Attachment 320455 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4514623 New failing tests: fast/forms/input-image-submit.html
Build Bot
Comment 4 2017-09-11 13:20:51 PDT
Created attachment 320463 [details] Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 5 2017-09-11 13:39:31 PDT
Comment on attachment 320455 [details] Patch Attachment 320455 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4514876 New failing tests: fast/forms/input-image-submit.html
Build Bot
Comment 6 2017-09-11 13:39:33 PDT
Created attachment 320464 [details] Archive of layout-test-results from ews102 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Michael Catanzaro
Comment 7 2017-09-11 13:41:14 PDT
Created attachment 320465 [details] Patch
Chris Dumez
Comment 8 2017-10-13 11:20:18 PDT
Comment on attachment 320465 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320465&action=review Good fix but I have a suggestion to make the fix a bit cleaner. > Source/WebCore/html/HTMLFormElement.cpp:281 > + auto temporarySubmission = FormSubmission::create(*this, m_attributes, &event, LockHistory::Yes, NotSubmittedByJavaScript); I do not like this part. I would suggest: 1. Add an effectiveTarget() method to HTMLFormElement which uses the submitButton's formtarget attribute is available, falls back to HTMLFormElement::target() and then falls back to document().baseTarget(). 2. Use effectiveTarget() here instead of constructing a FormSubmission 3. Use effectiveTarget() in FormSubmission::create() to avoid code duplication.
Michael Catanzaro
Comment 9 2017-10-24 19:10:40 PDT
Thanks for the review, Chris, and sorry for the delay. I think/hope I've properly implemented your suggestion. Let's see if it passes EWS.
Michael Catanzaro
Comment 10 2017-10-24 19:12:47 PDT
Created attachment 324777 [details] Patch
Build Bot
Comment 11 2017-10-24 20:21:45 PDT
Comment on attachment 324777 [details] Patch Attachment 324777 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4979053 New failing tests: fast/forms/formtarget-attribute-button-html.html fast/forms/formtarget-attribute-input-html.html fast/forms/formtarget-attribute-input-2.html
Build Bot
Comment 12 2017-10-24 20:21:47 PDT
Created attachment 324784 [details] Archive of layout-test-results from ews100 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Michael Catanzaro
Comment 13 2017-10-24 20:35:44 PDT
(In reply to Michael Catanzaro from comment #9) > Thanks for the review, Chris, and sorry for the delay. I think/hope I've > properly implemented your suggestion. Let's see if it passes EWS. Signs point to "no"
Build Bot
Comment 14 2017-10-24 20:39:52 PDT
Comment on attachment 324777 [details] Patch Attachment 324777 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/4979047 New failing tests: fast/forms/formtarget-attribute-button-html.html fast/forms/formtarget-attribute-input-html.html
Build Bot
Comment 15 2017-10-24 20:39:54 PDT
Created attachment 324788 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.6
Build Bot
Comment 16 2017-10-24 21:04:01 PDT
Comment on attachment 324777 [details] Patch Attachment 324777 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4979226 New failing tests: fast/forms/formtarget-attribute-button-html.html fast/forms/formtarget-attribute-input-html.html fast/forms/formtarget-attribute-input-2.html
Build Bot
Comment 17 2017-10-24 21:04:02 PDT
Created attachment 324789 [details] Archive of layout-test-results from ews116 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 18 2017-10-25 10:15:01 PDT
Comment on attachment 324777 [details] Patch Attachment 324777 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4984334 New failing tests: fast/forms/formtarget-attribute-button-html.html fast/forms/formtarget-attribute-input-html.html fast/forms/formtarget-attribute-input-2.html
Build Bot
Comment 19 2017-10-25 10:15:02 PDT
Created attachment 324840 [details] Archive of layout-test-results from ews106 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Michael Catanzaro
Comment 20 2017-10-25 13:59:34 PDT
Created attachment 324891 [details] Patch
Michael Catanzaro
Comment 21 2017-10-25 16:44:41 PDT
OK, looks better now. mac-debug is still orange, but the failures there appear to be unrelated.
Build Bot
Comment 22 2017-10-25 17:27:29 PDT
Comment on attachment 324891 [details] Patch Attachment 324891 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4990660 Number of test failures exceeded the failure limit.
Build Bot
Comment 23 2017-10-25 17:27:30 PDT
Created attachment 324928 [details] Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Michael Catanzaro
Comment 24 2017-10-25 18:16:18 PDT
Comment on attachment 324891 [details] Patch Seems the mac-wk2 EWS is having some unrelated problems with Apache.
Michael Catanzaro
Comment 25 2017-10-30 07:22:03 PDT
Pinging cdumez :)
Chris Dumez
Comment 26 2017-10-30 09:45:20 PDT
Comment on attachment 324891 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=324891&action=review r=me > Source/WebCore/html/HTMLFormElement.cpp:671 > + for (auto node = event->target()->toNode(); node; node = node->parentNode()) { assuming toNode() returns a raw pointer, I'd prefer auto* than auto. But really, I think this should use: auto* targetNode = event->target()->toNode(); return targetNode ? lineageOfType<HTMLFormControlElement>(*targetNode)).first() : nullptr;
Michael Catanzaro
Comment 27 2017-10-30 14:16:08 PDT
Question! (In reply to Chris Dumez from comment #26) > Comment on attachment 324891 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=324891&action=review > > r=me > > > Source/WebCore/html/HTMLFormElement.cpp:671 > > + for (auto node = event->target()->toNode(); node; node = node->parentNode()) { > > assuming toNode() returns a raw pointer, I'd prefer auto* than auto. It's a RefPtr<Node>, so it has to be plain auto. > But > really, I think this should use: > auto* targetNode = event->target()->toNode(); > return targetNode ? > lineageOfType<HTMLFormControlElement>(*targetNode)).first() : nullptr; I failed to get this to work, because lineageOfType requires an Element, not a Node. I messed around a bit and came up with this: HTMLFormControlElement* HTMLFormElement::findSubmitButton(const Event* event) const { if (event && event->target()) { if (auto targetNode = event->target()->toNode()) { if (auto* element = downcast<Element>(targetNode.get())) return lineageOfType<HTMLFormControlElement>(*element).first(); } } return nullptr; } But that breaks fast/forms/form-submission-create-crash.xhtml: ASSERTION FAILED: !source || is<Target>(*source) ../../Source/WTF/wtf/TypeCasts.h(89) : typename WTF::match_constness<Source, Target>::type* WTF::downcast(Source*) [with Target = WebCore::Element; Source = WebCore::Node; typename WTF::match_constness<Source, Target>::type = WebCore::Element] Not sure what to do here. Is the existing version of the code OK?
Chris Dumez
Comment 28 2017-10-30 14:20:19 PDT
Comment on attachment 324891 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=324891&action=review >>> Source/WebCore/html/HTMLFormElement.cpp:671 >>> + for (auto node = event->target()->toNode(); node; node = node->parentNode()) { >> >> assuming toNode() returns a raw pointer, I'd prefer auto* than auto. But really, I think this should use: >> auto* targetNode = event->target()->toNode(); >> return targetNode ? lineageOfType<HTMLFormControlElement>(*targetNode)).first() : nullptr; > > It's a RefPtr<Node>, so it has to be plain auto. Oh, it is true that lineageOfType() expects an element in parameter :/ Just leave as is then. You are merely moving this code anyway.
Chris Dumez
Comment 29 2017-10-30 14:21:00 PDT
(In reply to Michael Catanzaro from comment #27) > Question! > > (In reply to Chris Dumez from comment #26) > > Comment on attachment 324891 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=324891&action=review > > > > r=me > > > > > Source/WebCore/html/HTMLFormElement.cpp:671 > > > + for (auto node = event->target()->toNode(); node; node = node->parentNode()) { > > > > assuming toNode() returns a raw pointer, I'd prefer auto* than auto. > > It's a RefPtr<Node>, so it has to be plain auto. > > > But > > really, I think this should use: > > auto* targetNode = event->target()->toNode(); > > return targetNode ? > > lineageOfType<HTMLFormControlElement>(*targetNode)).first() : nullptr; > > I failed to get this to work, because lineageOfType requires an Element, not > a Node. I messed around a bit and came up with this: > > HTMLFormControlElement* HTMLFormElement::findSubmitButton(const Event* > event) const > { > if (event && event->target()) { > if (auto targetNode = event->target()->toNode()) { > if (auto* element = downcast<Element>(targetNode.get())) > return > lineageOfType<HTMLFormControlElement>(*element).first(); Yes, this is an unsafe downcast as we don't know that the Node is an Element.
Michael Catanzaro
Comment 30 2017-10-30 15:41:43 PDT
Does downcast not do any type checking? I guess that's why it's not dynamic_cast. Foolish me!
Michael Catanzaro
Comment 31 2017-10-30 15:42:27 PDT
Committed r224206: <https://trac.webkit.org/changeset/224206>
Radar WebKit Bug Importer
Comment 32 2017-11-15 13:13:27 PST
<rdar://problem/35569037>
Note You need to log in before you can comment on or make changes to this bug.